The increased use of the Internet, intranets and extranets for gaining access to computer systems and networks has led to a commensurate increase in unauthorized access or attempted access to these systems and networks. This activity is unauthorized whether or not its purpose is of a malicious nature. As a result, intrusion prevention, detection and correction technologies have taken on a more significant role in computer system and network security.
Networked computing systems often incorporate a variety of security measures to protect against a wide variety of unauthorized intrusions, access, or attacks against the computing system that can result in degraded performance, loss of service to authorized clients, loss of content on the system, etc. There are many different types of security attacks, and different attacks require different security countermeasures in the endpoint systems (clients and servers) and networks. For example, a “Trojan horse” attack may result when an unauthorized executable program is downloaded to the endpoint system either accidentally or hidden within a legitimate program downloaded by the user of the endpoint system. This Trojan horse may cause an unauthorized transfer of data to the external network.
Security tools often address these types of attacks with security functions such as access control list (ACL) enforcement. ACL enforcement entails having each resource within an endpoint system maintain an ACL that lists permitted actions that can be performed by a particular user acting in a particular role, as indicated by a user context (such as an instance where a user has successfully provided a validated identification to the system, usually through some “login” mechanism). Private data stored within the endpoint system is specified in an ACL naming the applications that can use the data and the terms under which they can use it. However, in the case of a security breach such as a Trojan horse, the hidden process has entered with proper authorization from the user when the embodying legitimate program was downloaded, and so is permitted the necessary access rights in the ACL. Therefore, a subsequent upload of private data stored on the endpoint system to the network cannot be prevented because the sub-process or thread of the Trojan horse process has the user's privileges within the endpoint system.
One method to reduce the possible damage that can be done when running unknown applications is for the user to log on to a computer with a user account that has fewer access rights and/or fewer privileges than the user would have to the system or network resources if logged on with a superior user account. This method takes advantage of existing computer security system models that determine each user's access to network resources based on permissions granted in the ACL in accordance with that user's credentials. This method would limit any potential damage done by unknown executable code to the exposure of the reduced access rights and/or privileges. There are a number of problems with this method, however. This method requires the user to be diligent in logging in as appropriate for a given task. Moreover, such a method is tedious and impractical for most systems and users because network connections are constantly required for most users and applications. Last, damage can still be done up to the limits of the access rights of the user account.
Another method to reduce possible unauthorized transmission of data by unknown applications running in the computer system is to provide a network monitor that prevents the transmission of large data files without an explicit user acknowledgement. Unfortunately, this method does not protect many smaller files that may contain extremely private information, including tax returns, bank account files, and medical records, for example. These types of files contain highly personal data but would not necessarily contain a large enough amount of data to set off a warning by a network monitor.
Another method of reducing possible damage from malicious uploading of data files from an end user system is the use of a network firewall. However, these firewall systems are network based, thereby only preventing the uploading of files to an unauthorized network. Firewall systems do not have the capability of preventing the unauthorized uploading of data files to an authorized network.
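The three prior-art controls discussed above (ACL enforcement keyed on user context, a size-based network monitor, and a network-based firewall) can be modeled together to show why none of them separates a legitimate program from a hidden thread running under the same login. This is an added illustration, not part of the original text; every name, threshold and file in it is constructed, and the ACL is simplified to (user, role, action) entries.

```python
from dataclasses import dataclass

# All names and values below are constructed for illustration.
SIZE_ALERT_BYTES = 10 * 1024 * 1024        # monitor asks the user only above this size
AUTHORIZED_NETWORKS = {"corp-extranet"}    # destinations the firewall permits

@dataclass(frozen=True)
class Process:
    user: str      # user context established at login
    role: str
    program: str   # the code actually running; no control below inspects it

@dataclass(frozen=True)
class Resource:
    name: str
    size: int
    acl: frozenset  # permitted (user, role, action) entries

def acl_allows(proc, res, action):
    """ACL enforcement: the decision depends only on the user context."""
    return (proc.user, proc.role, action) in res.acl

def monitor_allows(res):
    """Size-based monitor: small transfers pass without acknowledgement."""
    return res.size < SIZE_ALERT_BYTES

def firewall_allows(network):
    """Network-based firewall: the decision depends only on the destination."""
    return network in AUTHORIZED_NETWORKS

def upload_decision(proc, res, network):
    """Per-control verdicts for reading `res` and sending it to `network`."""
    return {
        "acl": acl_allows(proc, res, "read"),
        "monitor": monitor_allows(res),
        "firewall": firewall_allows(network),
    }

def upload_permitted(proc, res, network):
    return all(upload_decision(proc, res, network).values())

tax_return = Resource("tax_return.pdf", 180_000,
                      frozenset({("alice", "owner", "read")}))
editor = Process("alice", "owner", "editor")
hidden = Process("alice", "owner", "hidden thread inside a downloaded program")

if __name__ == "__main__":
    for p in (editor, hidden):
        print(p.program, upload_decision(p, tax_return, "corp-extranet"))
```

Both processes receive identical verdicts because the `program` field never enters any decision, which is the gap the background describes.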
It can be seen that what is needed is enhanced data security in a data processing system that overcomes these problems with the prior art security measures and would prevent the malicious uploading of files to a network. It would be desirable to protect private files from both authorized and unauthorized users, avoid the tedious and unreliable use of multiple user accounts, protect all private files regardless of size, and prevent unauthorized uploading to both authorized and unauthorized networks.